Thanks for explaining the fingerprinting considerations, Eero! One quick correction: the reduced User Agent string <https://developer.chrome.com/en/docs/privacy-sandbox/user-agent/> does not reveal OS/platform version as your recently added text seems to suggest. Other than that, I am satisfied that the API does not elevate fingerprinting risk.
On Tuesday, April 4, 2023 at 1:11:08 PM UTC-4 [email protected] wrote:

> Hi,
>
> On Thursday, March 30, 2023 at 3:43:06 PM UTC+3 Kaustubha Govind wrote:
>
> > Would you be able to expand your Privacy Considerations section to address
> > whether the API is likely to expose any new fingerprinting surfaces?
>
> I have added a Fingerprinting
> <https://github.com/riju/backgroundBlur/blob/main/explainer.md#fingerprinting>
> subsection to our Privacy Considerations section.
>
> > Particularly, I am interested in understanding:
> >
> > 1. Whether there is additional information about the platform (e.g. OS
> > version) that can be gleaned by querying whether the platform supports
> > background blurring. Note that with the User Agent Reduction
> > <https://developer.chrome.com/en/docs/privacy-sandbox/user-agent/>
> > work, we are attempting to limit default access to some of this platform
> > identifying information.
>
> In short, there isn't, but see the linked Fingerprinting subsection for
> detailed analysis.
>
> > 1. How stable do we expect the blur to be across hardware
> > configurations? It would be unfortunate if this turned into a problem
> > similar to Canvas Fingerprinting.
>
> In Canvas Fingerprinting, sites can draw to a canvas (the source) as they
> like and fingerprint the result which may be a bit different on different
> platforms and platform versions. I assume that you refer to this (lack of)
> stable result here.
> This is really not an issue with background blur. In the case of the
> getUserMedia tracks, the sites have access to tracks which may have
> background blur in effect and may allow background blur to be
> disabled/enabled and to the resulting frames. However, sites have no
> control on the source (what's in the field-of-view of a camera) so it is
> not possible to reprocess the same frames on different platforms and
> platform versions and to compare the results.
>
> > Perhaps one mitigation here is that the capability is gated behind the
> > getUserMedia() permission, which limits drive-by fingerprinting?
>
> That is the main gate but see the linked Fingerprinting subsection for
> detailed analysis.
>
> BR,
> Eero
